Network firewalls are generally used to provide access control at the network layer of the Open Systems Interconnection (OSI) model. A network firewall maintains policies and rules that determine whether incoming traffic at a network-layer interface is allowed or dropped. The incoming traffic consists of a plurality of packets. The rules are defined in terms of the source or destination IP address(es) and/or source or destination port(s) of the incoming traffic; the firewall looks the rules up in sequential order and permits traffic accordingly. Further, the policies may apply a denial rule, under which policy application is implicitly denied once a large amount of incoming traffic has been permitted and no drop situation has arisen. In such a case, a deny policy is applied that stops further rule application and allows the remaining network traffic.
In the scenarios stated above, the network firewall may be vulnerable to attacks. With sequential processing, when the relevant policy is positioned towards the end of the sequence, processing of the relevant packets in the incoming traffic may be delayed. Further, the deny policy exposes the network firewall to attacks by hacking programs: such programs may first send a large amount of traffic that matches the policies and then send harmful packets after the deny policy has been applied.
Some conventional methods provide an improved firewall for network security. The improved firewall may generate rules dynamically alongside the conventional fixed rules. However, such methods do not use a feedback mechanism to create new rules for implicitly denied packets, nor do they order the new rules dynamically. Consequently, such methods may fail to use the new rules robustly and may end up discarding the new rule.
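The following is an added example, not code from the original text or from any product it describes. It models the two mechanisms discussed above in a toy sequential packet filter: first-match lookup with an implicit deny when no rule matches (first paragraph), and a feedback step that turns repeated implicit denies into an explicit rule plus hit-count based dynamic ordering of rules (third paragraph). The packets, rule set, IP addresses and the feedback threshold of three implicit denies are all constructed for the illustration. The reordering step only swaps rules that cannot match the same packet, because moving a specific deny behind a general permit would silently change the filter's decisions.

```python
# Added example (not from the original text): a toy sequential packet filter
# showing (1) first-match lookup with an implicit deny when nothing matches,
# (2) the lookup cost of a busy rule placed late in the sequence, (3) hit-count
# based dynamic reordering that only swaps non-overlapping rules, and (4) a
# feedback step that turns repeated implicit denies into an explicit front rule.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    src_ip: Optional[str] = None    # None means "any"
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    hits: int = 0                   # how often this rule was the first match

    def _fields(self):
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port)

    def matches(self, p: Packet) -> bool:
        pkt = (p.src_ip, p.dst_ip, p.src_port, p.dst_port)
        return all(f is None or f == v for f, v in zip(self._fields(), pkt))

    def overlaps(self, other: "Rule") -> bool:
        # Two rules can match the same packet iff every field is a wildcard on
        # at least one side or equal on both. Swapping overlapping rules would
        # change which one wins, so dynamic ordering must never do it.
        return all(a is None or b is None or a == b
                   for a, b in zip(self._fields(), other._fields()))


class SequentialFirewall:
    FEEDBACK_THRESHOLD = 3  # assumption: implicit denies seen before a rule is created

    def __init__(self, rules: List[Rule], dynamic_ordering: bool = False,
                 feedback: bool = False):
        self.rules = list(rules)
        self.dynamic_ordering = dynamic_ordering
        self.feedback = feedback
        self.implicit_denies: Dict[tuple, int] = {}  # (src_ip, dst_ip, dst_port) -> count

    def evaluate(self, p: Packet) -> Tuple[str, int]:
        """Return (action, number of rules consulted). First match wins."""
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                rule.hits += 1
                if self.dynamic_ordering:
                    self._promote(i)
                return rule.action, i + 1
        consulted = len(self.rules)      # fell off the end: implicit deny
        if self.feedback:
            self._record_implicit_deny(p)
        return "deny", consulted

    def _promote(self, i: int) -> None:
        # Bubble a frequently hit rule ahead of less-hit predecessors, stopping
        # at the first rule it overlaps with so first-match semantics are kept.
        while (i > 0 and self.rules[i].hits > self.rules[i - 1].hits
               and not self.rules[i].overlaps(self.rules[i - 1])):
            self.rules[i], self.rules[i - 1] = self.rules[i - 1], self.rules[i]
            i -= 1

    def _record_implicit_deny(self, p: Packet) -> None:
        key = (p.src_ip, p.dst_ip, p.dst_port)
        self.implicit_denies[key] = self.implicit_denies.get(key, 0) + 1
        if self.implicit_denies[key] >= self.FEEDBACK_THRESHOLD:
            # Feedback: an explicit deny at the front rejects these packets on
            # the first comparison instead of after scanning the whole list.
            self.rules.insert(0, Rule("deny", src_ip=p.src_ip,
                                      dst_ip=p.dst_ip, dst_port=p.dst_port))
            del self.implicit_denies[key]


def demo() -> dict:
    """Constructed traffic: a busy DNS rule placed last, and unmatched probes."""
    def base_rules() -> List[Rule]:
        return [Rule("permit", dst_port=80), Rule("permit", dst_port=443),
                Rule("permit", dst_port=25),
                Rule("permit", dst_ip="192.0.2.53", dst_port=53)]   # busy rule, last

    dns = Packet("10.0.0.7", "192.0.2.53", 40000, 53)
    probe = Packet("10.0.0.99", "192.0.2.10", 50000, 22)           # matches no rule
    out = {}

    static = SequentialFirewall(base_rules())
    out["static_dns_cost"] = static.evaluate(dns)[1]              # scans all 4 rules

    adaptive = SequentialFirewall(base_rules(), dynamic_ordering=True, feedback=True)
    for _ in range(3):
        adaptive.evaluate(dns)
    out["adaptive_dns_cost"] = adaptive.evaluate(dns)[1]          # promoted to front: 1
    for _ in range(SequentialFirewall.FEEDBACK_THRESHOLD):
        out["probe_before"] = adaptive.evaluate(probe)            # ("deny", 4) implicit
    out["probe_after"] = adaptive.evaluate(probe)                 # ("deny", 1) explicit

    # Overlap guard: a heavily hit general permit must not climb over a
    # specific deny that covers some of the same packets.
    guarded = SequentialFirewall([Rule("deny", src_ip="10.0.0.5", dst_port=80),
                                  Rule("permit", dst_port=80)], dynamic_ordering=True)
    for _ in range(10):
        guarded.evaluate(Packet("10.0.0.8", "198.51.100.1", 40001, 80))
    out["blocked_host"] = guarded.evaluate(Packet("10.0.0.5", "198.51.100.1", 40002, 80))[0]
    return out


if __name__ == "__main__":
    print(demo())
```

The `static_dns_cost` versus `adaptive_dns_cost` figures show the delay cost of a relevant rule placed at the end of the sequence, and `probe_before` versus `probe_after` shows how feedback on implicitly denied packets removes the full-list scan for repeat offenders. The overlap check in `_promote` is the piece a practitioner should not leave out: without it, hit-count reordering would let the general permit on port 80 overtake the specific deny and reverse the decision for the blocked host.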